[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: access control 'set=', no problem any more (ITS#3140)
Yes, it's working fine now.
Thanks for fixing it so fast !
Best regards,
Herve
----- Original Message -----
From: <ando@sys-net.it>
To: <openldap-its@OpenLDAP.org>
Sent: Wednesday, May 12, 2004 11:32 PM
Subject: Re: access control 'set=' problem (ITS#3140)
>
> > I think I got it: the function that evaluates if a set matches
> > calls aci_match_set(), which on turn calls backend_attribute()
> > to access the specific attribute that's used by the set in a
> > backend-independent manner. This function has been recently
> > reworked to only access those attributes that can be actually
> > accessed by the requester, i.e. it assesses access permission
> > as well, causing the andless recursion I mentioned earlier.
> >
> > I think a solution would be to specialize backend_attribute to
> > skip ACL check on certain calls. I'll have a look at it.
>
> It should now be fixed in HEAD; please test. Thanks for reporting
> the problem.
>
> p.
>